If you do something wrong and fail to protect ePHI as a HIPAA business associate, you can be penalized directly for HIPAA violations by the HHS Office for Civil Rights, Attorneys General and other supervisory authorities. Criminal charges may also apply to certain offenses. HIPAA compliance can therefore be frightening, although the potential benefits for software providers of moving into the lucrative healthcare market are considerable.

1. Entities that do not create, receive, manage or transmit PHI. If you want to avoid business associate obligations, the safest way is to make sure that you are not processing PHI on behalf of a covered entity or a business associate of a covered entity. Accidental receipt of, or accidental access to, PHI outside of your contractual duties does not create any such obligation. The OCR stated, regarding what it means to have routine access to [PHI], that when it comes to determining which types of data services are business associates versus mere conduits, such a determination is based on the nature of the services provided and the extent to which the company needs access to [PHI] to provide the service to the covered entity. The conduit exclusion is narrow and is intended to exclude only services that provide only courier services, such as the U.S. Postal Service or United Parcel Service, and their electronic equivalents, such as Internet Service Providers (ISPs), which provide only data services.
As noted in the guide, a conduit carries information but accesses it only randomly or rarely, as necessary to provide the transportation service or as required by other laws. For example, a telecommunications company may have occasional and random access to [PHI] when it verifies that data transmitted over its network arrives at its intended destination. Such random access to [PHI] would not qualify the company as a business associate. On the other hand, an entity that requires access to [PHI] to provide a service to a covered entity, such as a health information organization that manages the exchange of [PHI] through a network on behalf of covered entities using data locator services for its subscribers (and other services), is not considered a conduit and is therefore not excluded from the definition.

4. Health care providers who receive PHI for the treatment of patients. A health care provider is not a business associate of another covered entity while treating patients.
(see 45 CFR 160.103; see also 65 FR 82476 and 82504). As explained by the OCR:

If your practice shares PHI with a third party (for example, IT experts, a backup service, Dropbox), we recommend that you enter into business associate agreements. If you need more information or sample forms that patients and business associates need to sign, you can ask the American Dental Association for information at www.ada.org. The HIPAA Privacy Rule applies to covered entities (including dental practices) and their business associates. As you know, in recent years dental practices have been the target of intensified HIPAA audits by the OCR.